Slashdot Mirror
Using MAC Address to Uniquely Identify Computers
An anonymous reader writes "One of Australia's gaming networks, GamesArena has recently imposed a third party program required to access their gaming servers. One of it's features is that it records your NIC's MAC address to identify your computer, and subsequently in future, ban you if you cheat/break the rules etc. The response from players is mixed. It is not open source software, nor is it optional to install. "Install it or find another server to play on". Question remains, is it going too far?"
Definitely not- unfortunately it won't work since MACs are changable.
not banned anymore :D
What would Brian Boitano do?
Don't go telling the general public MAC addresses are changeable. If someone creates a program to easily do the change, we could have some major routing issues should people choose the same MAC addresses.
How can you change a MAC address other than by purchasing a new NIC?
1) Get your mac adress banned
2) Sell Network Card
3) Some one buys new card
4) They are banned
There will be plenty of second hand NICS for sale becuase of this. its a 1 2 3 profit plan.
It's all too easy. Figure out their IP, get their MAC, put it on your router, get banned, change your MAC back, enjoy your new unopposed domination.
Too many violations from that IP range? Ban the /24 it came from. Send back a "Too many cheaters from your ISP" error.
MACs are too easily changed, but then again, so are IP's. But considering most gamers have DSL with a static IP, an IP ban is a much better option.
I know that if i changed my network card then my MAC Address will change too, but can i change it or spoof it via any currently available windows based software ? i know that it is possible via *nix but this doesnt really help the gamers
any ideas how its possible ?
AJ
As if people whining on CounterStrike weren't bad enough, now we have to listing to 14 year olds complain about having to buy a new NIC every time they cheat online.
"It's hard to be a man when there's a gun in your hand"
...until the MAC address generators have gone through all the "MAC-space" of possible addresses...
Wireless APs like Linksys' already come with a web admin that lets you specify *any* MAC address, apparently to please some cable/adsl providers that measure traffic/authenticate (partly) based on this.
Why not provide a public key server and ask people to submit they public OpenPGP key, signe by P. Zimmermann himself ? Get your identity trusted by Z. or go play somewhere else... After all, this seems to imply they want "real" players!
Notepad specialist & FAT administrator, group training available
Not to sound like a troll, but I thought they the MAC address was burned in to the chips themselves? Thats that they always told us in College. Then again, I didn't go to a very reputable college. =D
There's really no need to change your MAC address.
They're violating the simple rule about never trusting the client. All you have to do is modify this third-party program to have it spit out a random MAC address each time and *poof* the system is worthless. You don't even have to change your MAC address. And since MAC addresses are only used at the Ethernet level, not at the [TCP|UDP]/IP level, it doesn't matter that the server thinks your MAC address is different than it is.
They've been trying this crap for years with cable modems. Until I got a router, I used to use two different machines, each with the same MAC address installed. Worked out great. It's easy to change, too. It's also let me on at friends' offices, where access is MAC controlled. We log on a machine, write down the address, shut it down, boot mine up, change the address, and log on.
Who does it stop? Honest people.
Who won't it stop? The same people hacking their games in the first place.
The power of accurate observation is commonly called cynicism by those who have not got it. - G.B. Shaw
ifconfig eth0 hw ether aa:dd:rr:ee:ss
Of course it's not open source; the last thing they want is users making changes to this program. Then it would be of no use to them.
-- Cheers!
Which MAC-address will the server see if I'm behind a firewall ? The one from my firewall, or the pc which I'm woking behind ?
I keep a fresh supply of token ring cards handy to swap out if the need arrises.
And im not joking:
http://gambit32.org/albums/other/aag.jpg
...once more and more hardwired IDs come out. In a year or two I wouldn't be surprised if PC ID software similar to this will extract IDs from video chipset, motherboard chipset, CPU, and hard drive, all invisibly and seamlessly. And although crackers will doubtless gleefully vomit out ways to spoof them all to allow criminals to run rampant, most nasties won't bother to use it all.
J.E.B.
Joshua Corps
No, it's not going too far. The game server admins can run the server however they choose fit. If you don't like the rules, don't use the server!
However, the majority of people don't know how to reset their MAC addresses. Also, as I believe to be true, some broadband providers specifically use MAC addresses to verify access. For instance, my Comcast cable modem does everything by MAC, so if I change my NIC in my machine, I need to power off/on the cable modem in order to get back through to the Internet. Although this is sort of a minor issue, some other ISPs may be more strict about MAC changes.
Overall, the admins figure they will cut out 99% of the hacking attempts as people would just go elsewhere, or once they did cheat, just wouldn't know how to change their MAC.
What happens if you are logged in via dial-up? Will it ban the MAC address of the box at the ISP that you're dialed in to? :)
NAT routers such as the Linksys range allow you to specify the MAC address from their web-based setup - ideal if your broadband provider insists on you registering (and limiting the number of) MAC addresses of all the machines going to connect.
I wonder what they'll do when they discover several simultaneous connections to the server (and sessions) from the same MAC?
The only thing you can accurately describe as "Scotch" is a sticky tape made by 3M. And it's
Just wondering if anyone has any solutions that would be easy to implement and hard to get around...
sig.
Does not the current IPv6 address allocation standard specify using your MAC address as the suffix portion of the IPv6 address? This is merely a taste of things to come if/when IPv6 becomes widely deployed, when your very IPv6 address can uniquely identify the hardware you are on (unless you use IPv6 NAT, of course.)
And yes, presently, you can probably change the MAC address of your system. However, once software vendors and DRM technologies and other things start locking themselves to your computer hardware, I suspect changing the MAC address would cause problems. The only thing this game company has to do is when the game is installed is to lock the licence to the present MAC address so it will not run with a changed IP address without a new licence.
Why would this be going too far? This is "just" a tracking mechanism for your MAC address, to make sure you've not been banned by this site. In my opinion, there are plenty of examples of going WAY too far with tracking mechanisms and other invasive software that is actually transferred to your computer... ala Kazaa, Morpheus, etc.
;-) )
You also have to admit that much of the population won't know how to change their NIC's MAC and/or won't want to go to the expense of buying a whole new NIC if they get banned (picture a 15-year old asking dad for a new NIC every week, for example), so it would be effective on some level.
Of course, I suppose that won't necessarily stop spammers who know how to use the holes... but what will stop spammers? (And can you let me know about it?
I think it's just another system that works, but has holes like any other.
- Proofs of Sturgeon's Law Delivered Daily -
here's how to change it for nt/2000
windows2000faq
-advanced tab in adapter properties
linux
eepro100 list
-ifconfig eth0 hwaddr ether 00:11:22:33:44:55
this is exactly why microsoft's registration process uses a lot more than just the mac address.
Nope, MAC addresses won't work. You'd have to have a unique number that's hard coded into something expensive. The Pentium III's CPUID feature would work. However, as much as I hate cheaters in my favorite games, I don't like an ID number open to abuse.
Quake III has recently enabled anti-cheat software called Punk Buster. It does a ban via your Quake III CD-Key, so you can't play on any Punk Buster enabled servers if you get banned. But with the game under $20 at BestBuy, I'm not sure if it will stop many of the problems.
Cthulhu Saves.
When I was involved with the initial deployment of DSL service in Canada, our customer ran into an interesting problem: many of the low-cost NICs that they shipped with the DSL modem had the same MAC.
Under most circumstances, this is seldom an issue since the NICs aren't likely to be deployed on the same network segment. However, when the MAC is used for other tracking services (in this case, a layer-2 NAT), you have a problem.
And of course, as others have said, most NICs permit the factory MAC to be overridden.
You have to change your network card? Is your username bound to one mac address? Or can I have lots of them? Really it doesn't matter. Companies like this won't ever catch on very big. With all the compaines out there right now giving you a free taste 1st(most don't even require registering) no one will pay the up front cost(even if it is time of install or time of registering). Like Balmer said, We can't beat free. If they want to implement this kinda stuff they have to offer a free service 1st to the people just to get them to consider their pay service. Then spin it by saying "are you tired of playing on our free servers with all the cheeters and annoying people?"
Games houses should get together and make sure their software imposes strict configs which could be imposed by the server.
Hey, there could even be another industry standard (RFC anyone?) - after 6 years of wrangling...
FI. If you had patched / loaded a plugin, the server could talk to the game, query the setup and reject the player.
Obviously there are always ways round this (hack the exe etc.), but this I think is the only sensible method.
Either that or become an ubergamer and beat the cheaters.
I would say it's rather fair.
This should encourage people not to use cheats which increases a fair game. I see no problem with that. It should make online gaming more fun.
And also if it can be used to track illegal copies. You should pay for the games. I have no problem with that either. A companie writes a game and should get payed for it.
Here I only mention two mayor problems with games and if extreme measures have to be taken for people not to cheat or even buy the game like they should do... why not. There is no law that says it's ok to screw others. Is there?
Privacy is terrorism.
"The response from players is mixed. It is not open source software, nor is it optional to install."
Neither is windows for playing many of todays top-selling titles. I want an outcry here but I don't see it. Is it because software not being open source does not matter to the average user or is it because people are too ignorant to care? It is funny to see an outcry when a company tries to stop actual cheating which spoils the game for all, instead of putting energy where it matters.
Punkbuster has seemed to do pretty damn well for RTCW. It's been implemented in Quake3 but hasn't yet been 'turned on' by punkbuster (they're still waiting until all the stability issues are cleaned up with it before flicking the switch).
You can change the MAC address of the on-board nic in the BIOS on this motherboard. I'm sure there's plenty of others...
No Norm, those are your safety glasses; I'll wear my own thanks...
Why is this considered to affect anyone's rights? It is a private company setting conditions for use of its resources, same as if they were writing a license for people to use their software. They have an indisputable right to do this.
As the blurb says, find another server to play on. This is not like the government forcing everyone to submit to their dictates.
It only harms their business, no one else.
People should not fear their government. Governments should fear their people.
>If someone creates a program to easily do the change
what, like ifconfig?!
The following may be considered circumvention devices because they have no significant use other than to circumvent access control to copyrighted software update files:
Will I retire or break 10K?
>"...Question remains, is it going too far?" Definitely not-
Thanks for answering that one for us. Without your moral framework we would be lost in the chaotic hell of self determination.
Why stick up for big business?
I think PKI would be ideal for this purpose. MAC addresses obviously not. Maybe adding PKI code to games would even encourage people to buy a personal certificate. I never had a good reason to buy one but a cheater free CS-server is certainly worth it. They could even bundle games with Verisign certificate vouchers or something. If some people are worried about there privacy you could just create games certificates. Of course people should keep there private keys private.
The glass is half-full. With poison. And there are cracks in the glass. The dirty, dirty glass.
This is just as silly as gun control because it makes the assumption that you can pass "laws" that will stop people that, by their very definition, do not obey laws!
...cheat the protection.
Here, they're saying "we're going to introduce a software "lock" that will prevent you from cheating." Great. So the people who want to cheat in the game are going to (say it with me now)
Are the people who wrote this bit of client-side [*cough*] security really under the impression that MAC addresses are immutable? Perhaps they know damned well it isn't but was kinda hoping that nobody would tell their client? This has the earmark of an initiative by some dip in a suit who never bothered to consult a single knowledgable, technical person.
Whatever. It might take two days before a patch/spoofer is readily available for the habitual cheaters. All it has to do is spit out a fake MAC address when queried.
My
Limekiller
Can you here the disappointment in CmdrTaco's snippet? I'm surprised he bothered posting this article. Taco has already thought of this and realized that it won't work.
He's tried everything and he still can't shake the Trolls. Hell, even if he disables AC the Trolls login now.
This type of thing has been going around with most colleges that contain large networks. They use it to monitor your bandwidth and if it exceeds a certain amount they will disconnect you for a month (happened to someone I know, not a happy person upon this occuring).
With 281474976710656 possible combinations of mac addresses.
This has been going on for a while, though without MAC addresses, a much simpler system. Most multiplayer games thesedays come with a CD-Key thats authenticated by a central server whenever you play a game. The CDkey usually has a unique ID strapped to it that is publically accessible by admins or players. You ban the ID, they cannot connect to the game without changing their CDkey (which means either buying a new copy or finding another cdkey that works online, neither are 'easy'). If MAC addresses can be changed, then as soon as a couple of like-minded gamers find out about that, you can count on their being a guide on how to do it for gamers eventually. The best way handle this is on both a MAC, and CDkey-ID level. Ban their MAC, and ban their ID, that will stop all but the most determined/knowledgable.
"What can a thoughtful man hope for mankind on Earth, given the experience of the past million years? Nothing." -Bokonon
It's actually because your cable modem router (unless it's connected directly by USB to your computer, it's not a modem -- it's a router, routing IP traffic over the cable xDSL link) has your old MAC address in the ARP cache, so it gets temporarily confused. Power-cycling clears out the cache. No magic tricks involved. ISPs simply can't know the MAC addresses on your network, unless they've hacked your router to give them some kind of inbound access to your network.
And ban the ~252 other potential hosts on that network?
You have to weigh the damage that a cheater is causing against the damage that loss of about two legitimate players on the same /24 would cause. If a fellow is making a big enough fool of himself, and the service isn't yet popular enough that a ban might cause a financially significant number of cancellations of service, a "Too many cheaters from your ISP" message may be warranted.
Will I retire or break 10K?
Barrysworld in the UK have recently introduced a pay-to-play system restricting access to their gaming servers based on IP address. Users on dynamic IPs need to run a (closed-source) app (or login to a website) before they can play. It's resulted in a massive drop in use of their servers.
Call me crazy, but how, exactly, does ones MAC address end up being sent over anything but your local ethernet network?
Once that packet hits your internet gateway, the ethernet header containing your MAC is stripped, and an HDLC or FR packet is constructed from the ethernet payload and sent out over the WAN link.
Are they really embedding MAC addresses into the payload? This will only work if you actually have an ethernet card in your computer. So only those lucky enough to have broadband will be effected?
Any program you can run can be changed by you.
It's only a little more difficult, so that most likely the advantages of changes will only be used for illegal actions.
So have they come up with a foolproof way of detecting cheaters and people using hacks? Sure, there are client-side/server-side program combinations to identify the use of known cheats (see Half-Life) but if they start to let server admins or "regulars" report cheaters then this just isn't going to work. Even server admins will kick-ban people who aren't really cheating simply because the player is dominating. At the very least, they better be only identifying cheaters by detecting known programs or modifications.
On a related note, either Half-Life or the Counter-Strike mod will dump detected cheaters into a global database. This database is not being used for anything right now but it may be in the future.
Many ethernet drivers with this capability have an option for just this. For example, if you have a 3c918, click "configure" under network properties in win2k for that adapter. Select the "advanced" tab. On the left, you'll have an option called "network address" that's normally set to "Not Present". Change it to a specified value, and type in "DEADBEEFBABE" or whatever MAC address you want.
Bingo.
Black holes are where the Matrix raised SIGFPE
No, it's not going too far. The game server admins can run the server however they choose fit. If you don't like the rules, don't use the server!
Tell that to your local electric power company. What if the server company with the crappy policy is the exclusive server in your area for a particular game? Do they really want the loss of customers that a policy of "one strike and you buy a new network card, or a new computer if you have onboard networking and the MAC is hardwired" would cause? Do they want the badwill that would inevitably build up as accidental permanent bans force users to put up anti-that-server web sites?
Will I retire or break 10K?
They'll have the knowledge to change their MAC (or find it easily)
Cheat programs are inherently "underground" programs, wherease you can find MAC changing references everywhere.
And it won't be long before a hacked version of this client becomes available that doesn't even require you to change your local MAC, it'll just misreport it. So no issues with the cable modem provider.
retrorocket.o not found, launch anyway?
All this is going to far for my taste, they try to stop a social problem with non-working technical 'solutions'. After all games should be fun to play, but banning people will not be fun, so I think this is the wrong direction. Instead of banning people I would like to see a solution in the direction of a web-of-trust. A web-of-trust that rates players ability, there experience, there teamplayer, if they are cheater or not and things like that. So if somebody want to start a match he will not only be able to pick a random server, but instead pick one with players that are close to his abilities, so that the game will result in a fair play, instead of having a bunch of newcomers overrun by experienced players. There could be server that are locked and only accessible for players with a specific trust or ability level and things like that. After all I think that such a solution could result in more fun for the player, while cheater would probally have a harder time, since they would play mostly against other cheaters. This might not work for eSports and things like that where people play for money and where cheating is a considered a crime, but it should be enough for Joey Gamer who just wants to have fun.
The MAC is 48 bits, split in two, don't remember how many bits each part. One part is the manufacturer id, the other is the specific card, such as a sequential serial number. MACs are assigned when built, non-changeable, a truly unique card id.
However, you can tell the OS to report a different MAC. That's what "changing your MAC" means, it doesn't actually change the MAC on the card, but it changes what the OS reports.
This is also a good example of why Palladium and trusted computing can't have just any old OS running on a computer. DRM requires complete control, not just a little bit of special software.
Infuriate left and right
There's a big hullabaloo about this, but I met one of the guys writing this software (a close mate of mine did the interface / icons etc), and he was your regular average geek... Apart from recording your mac address, it's pretty good software. Seems better than gamespy that's fer sure, and has a built in irc client.
Personally I don't think the mac address recording is all that bad... Your average person who cares that it's recorded can change it easily, and your average 12 year old cheating 5||21p7 |1DD13 probably won't even know why he got banned...
Send lawyers, guns, and money!
Blue skies, Barthy Burgers, girls...
You're kidding me!
It's solid code of honor amongst Clans not to cheat. Anybody as dedicated to playing online action games would render his pasttime pointless by cheating. And if anyone found out you've cheated your way into Ladder position you'd get an extremely hard time (on and offline).
:-)
And when you're playing on a public server, cheaters are easyly identified by playing like crap and either scoring immediate kills once they actually *do* manage to hit or by simply not throwing the towel no matter how many times you flak them at point-blank. Both area mostly less than minor drags to a skilled player and have a somewhat funny aspect to it.
I've seen entire matches in UT (1st) where cheaters we're just plain ignored because of the simply fact their skill level (not trained by playing under real conditions) rendered them something more like 'moving obstacles' rather than actuall participants.
Anyhow, some one using more subtle cheats, such as see-through textures or so, can be anoying. Then on the other hand, if you're that good to know for shure that someone is using such a cheat, you'll be playing clan games most of the time anyway. And I haven't met a single Clan player cheating yet. At least none of mentionable Clans.
BTW: I once had a cheater on my team in a pub UT CTF match. I switched sides and telefragged him 'til he gave up and disconnected. That was fun.
We suffer more in our imagination than in reality. - Seneca
Like i dont have a spare Nic card
NIC's MAC address to identify your computer
Shouldn't that read "NIC's MAC address to identify your NIC"? And even then, it isn't fool proof as the MAC address can be changed...
-- Mike
Don't gamble...
Anything that makes it harder for people to gamble the better.
thank God the internet isn't a human right.
Have you read the EULA of PunkBuster? They reserve the right to snoop inside your system in any way they want AND transfer screenshots made while you are online as well as other data. This is spyware on a disturbing level - I declined to "install this software" when I updated Q3.
I also do not think MAC addresses or anything like it will work as long as "the client is in the hands of the enemy". Perhaps a Palladium-DRM-PC by M$ will offer the security server admins want... but will it offer the privacy the user needs?
Yet again "anti-cheat" technology that just serves to infuriate real games, and is easily bypassed/defeated by the cheaters themselves
Now we all know that that cheating in online games is for the most part a Bad Thing (tm). We all remember the original Quake bots (my personal favorite was the StoogeBot) that required a certain measure of circumventing of built-in precautions. Generally when people were caught, they heard about it. Flames, kicks, bans, you name it.
Now we have issues of people using similar circumventions to get around copy protection instead of anti-cheating measures. I realize that this isn't exactly the same thing, but the two scenarios have a common theme: people using third-party software to use a product in a manner in which it was never intended.
What I find amusing is that generally (at least on Slashdot) the circumvention of copy protection is usually regarded as a Good Thing (tm), but becomes less desirable when it comes to games.
Could it be that third-party circumvention is a good thing as long as it doesn't negatively affect you?
"Ask not what your country can do for you." --John F. Kennedy
Since anything that runs on a client can be compromized (there is _no_ way to make sure this doesnt happen) the only real option for games is to just send pre rendered graphical images to the client which in turn sends back the client keystrokes. this is ofcourse way too bandwidth and serverside intensive to work with current technology, imagine doing this for a MMORPG with 60k users online simultaniously :) .. and even if you use this method the cheaters can respond by writing pattern-reqognition systems which still will be able to autoaim and such (although it raises the bar considerably).
it DOES remove the threat of wallhacks and clientside radars but a good game protocol shouldnt send information about things outside of the clients vision anyway.
K
-- gunzip-howto.tar.gz
I wonder how many people will change theirs to same as mine...
-- bartman
If they want something static, why go with MAC? They could just make an MD5 of some system specific info. That can't be easily tampered with. I'm not suggesting this, just making a statement :-)
Ok, that's the dumbest thing yet... You can fake IP's, everyone knows that... But, you can also fake MAC Addresses... HEll my LinkSys Router does it, Cisco's do it, and I'm sure most other devices like that do it too..... Besides, like mentioned earlier, you can always rewrite your frame generator to spoof or report and invalid MAC, ... this is all fairly easy to do, so why waste time doing this. I have already admin'd a Counter-Strike server, if someone wants in and wants to cheat bad enough, they will do it.. PERIOD!, no matter how hard you lock it down.. so quit the whinning and get back to kicking them.!!
The cogsauth118.bin file that you download from Telstra Gamearena is actually a "PDV" self-extracting archive. It is basically a tar archive with an executable header. You can therefore easily bypass the EULA with the following command:
roku$ tail -c +7862 ~/cogsauth118.bin | tar zxvf -
cogsauth118
eula.txt
gzip: stdin: decompression OK, trailing garbage ignored
tar: Child returned status 2
tar: Error exit delayed from previous errors
roku$ size cogsauth118
text data bss dec hex filename
6613 348 32 6993 1b51 cogsauth118
Since the binary is so small, it should be an easy target for someone to reverse engineer. (Apologies for posting anonymously - I have no desire to battle the Telstra dogs.)
a) tokens for which you must pay. Obvious drawback - who will pay?
b) tokens given by some central authority based on your real life ID (SSN or something) one token per customer. Obvious drawbacks - troublesome as hell, privacy issues.
Of course, if you're caught cheating/hacking, your token is revoked and
a) you have to pay for another one
b) you won't get another one, since you've already used your SSN.
I don't know if this is 'easy to implement', but sure is hard to get around.
PS. Whoever modded parent 'offtopic' is a moron - sorry, had to say that.
As stated about "changing the MAC" is really just having the OS report a different MAC than the one burned into the network card. However, is it not possible to query the physical card vs. the OS?
If they are doing it that way, then there won't be any cheating.
It is thier network, and they can take thier computers and "go home" if they wish.
Whether it's in the name of catching cheaters or catching terrorists, our freedom and autonomy are about to evaporate.
Yeah, this definitely won't work with my Sun IPX. (As if that's an issue...) Ever since I left it in the trunk of my car for an entire winter (a harsh one, at that - nary a night of temperatures above -10F did we see, and quite frequently it was much colder even than that), the NVRAM gets reset when the box is powered down. So now I get errors from the PROM at power-up, because my MAC address is ff:ff:ff:ff:ff:ff and my machine ID is also all 1's. So I have to write some Forth every time I boot up (the only bad part being that I have to do it at the console, and I don't have a serial console cable, so I have to lug out the behemoth 19" monitor that goes with it), in order to set my MAC address to something valid and to generate all the parity and checksums and whatnot.
Pretty much all cable and ADSL connections for home users use dynamic IP, admittedly with large lease times. Why? because static IP accounts are nearly double the price because they are considered business class accounts. Just another example of us Australians getting screwed over Internet access.
Besides, it's a paid service isn't it? Wouldn't banning a paying customer's IP address without any evidence that that customer did anything, just because another customer using the same ISP cheated, be breach of contract.
I've been to the site, read some of their forums, and it does seem that the company have been a little heavy-handed in their introduction of this.
They deserve the slashdotting they are so close to getting (well, I find the web site pathetically slow from Europe).
Go on, give them a good few page refreshes and set a couple of robots on them too!
Yakman forgot to mention, but if you're working with a Token Ring network you've got to be careful with the cabling. I can't count the number of times a secretary unplugged her system only to lose the damn token and down the network, and naturally one never seems to have a spare on hand when this happens (usually on Monday).
1. Grab your good old disasm+bined combo.
2. Do some crack.
3. Go to jail.
4. Sell crack.
5. Profit.
We have a s***load of Synoptics/Bay Networks fully managed TR MAU's just sitting here, take them PLEASE!!!
/* FUCK - The F-word is here so that you can grep for it */
For a bunch of reasons, but two to think about:
1) Many windows drivers let you put in arbitrary MAC's. Ban me? No prob, I'll change it to something else.
2) Many firewalls will let you do the same thing.
3) Ethernet cards cost what...a dollar or two at a used computer swap meet? If it comes down to it just keep a stack of 10.
It appears this is intended to catch people clever enough to cheat, but not clever enough to change their MAC address.
Another example of poorly contructed solutions to a badly defined problem.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
But the MAC-method obviously isn't a viable solution. I was actually hoping that matters would turn out better with internet console gaming, but seeing that XBoxs and PS2s can me mod-chipped I'm not setting my expectations too high.
The only solution I came up with that might work better is making the first sign-in/subscription rather hard. For example by sending each player a letter by snail-mail with their sign-in code. Thus if you get banned you need days to sign in again.
But I don't think there is a technology solution, because basically everything on a home machine can be hacked. Be it the game itself or some driver.
I remember everyone accusing anyone that was any good of being a cheater two years ago. I heard it's worst now.
Now I am reading there are methods to ban players - Punk Buster and now this.
Just one problem:
Are we going to have courts? Evidence? Or are people to be banned based solely on the testimony of "Nadbuster "?
Hell, in real life, with professional law enforcement personnel, mistakes happen - even in CAPITAL CRIME trials.
Glad I only play online with friends now...
Robots are everywhere, and they eat old people's medicine for fuel.
Simple: if you are winning at Counter Strike despite a ping of 1,000+, then you must be cheating.
I mean, duh...
--- My dad's political betting
It is not open source software, nor is it optional to install.
If they're really interested in blocking cheaters, etc., how in the world could anyone see fit to question 1) why it is not open source, and 2) why it is not optional to install ? If it was either of these things, then 1) it would be trivial to alter the source to render the code useless, or 2) people just wouldn't install it and cheat anyways.
Agendas aside, people have to start using some common sense before whining about issues which make no sense.
Definitely not
Are you nuts? Of course its going to far!
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
No thanks about drawing commercial CAs into it. If a game publisher *was* to implement such a system, they would simply make themselves a CA and distribute their CA cert with the software. They *could* go so far as including a private key with each copy of the software, but costs would skyrocket if releasing en mass. The system I would envision here is that one purchases the game, gets online, and goes to the server and registers the CD-Key in exchange for having a private key signed. The advantages would, of course, be that the authentication mechanism is not prone to theft (i.e. the server being connected to never sees your important credentials, no vulnerable information is transmitted over the wire), and could be more enforceable (coming up with a keygen is one thing, trying to fake a 4096 bit key with signed certificate is another), provided the process for getting a certificate were sufficiently rigorous.
Hell, if the game was critically dependent on online functionality, you could let the game go free on the net and just sell CD-Keys. If any small projects want to try to make it big without the potentially crippling barrier to entry into mass distributers, this would be the way I would think... Stick it on Gnutella and let people *think* it is illegal to download and its popularity could be good...
XML is like violence. If it doesn't solve the problem, use more.
Comment removed based on user account deletion
A few years ago, when everybody was whining on about PSN, I went around explaining to people that their computer already had a unique number, and a lot of them didn't even believe me.
:-).
:-).
I have always wondered whether Intel cancelled PSN when they realised that it was, basically, pointless.
Why doesn't Slashdot ban people based on their Mac address, if they troll too much? That would be quite funny. The current scheme of banning IP addresses is going to be pretty pointless when IPV6 becomes popular
I wonder who will be the first to post a "First IPV6 post"
That's what I would do if I were writing the software. Bwa ha ha ha, etc.
:wq
Well, that's two corrections so far, mea culpa it seems ... the cards we manufactured had the MAC in NVRAM, I suppose someone could have changed it, but I didn't think the OS ops actually did so for any cards. Mea culpa, eh, sorry about ass-u-me-ing something.
Infuriate left and right
Actually it does; in an ethernet frame. That's how your switch "learns" the mac addresses of all the NICs connected to it before you've run anything higher in the OSI model.
-ted
There are a few other problems with this software (it's called COGS) than just the fact that it can't really block dedicated cheaters. Sure, measures to block cheaters are fine, but this one went too far.
1. It's buggy as all hell, everytime I log on it downloads a new patch, and still doesn't always run properly. And this is after supposedly extensive testing.
2. It's unsecure, it transmits your username and password as get parameters for authentication.
3. Originally it was going to be released without Mac and Linux versions. (This has since been changed.)
4. It's basically trying to replace programs we already know and use. It has an in-built IRC client that automatically connects to the GameArena server (which we obviously already had), a server browser (we already had ServerQuery [serverquery.qgl.org] which is lightweight yet adequate, also GPLed) and even a web browser that opens the main GameArena site. All activities we had perfectly fine utilities for, yet someone has made a half-arsed effort to replace them.
Perhaps if it had been better executed we would have been a bit more accepting, but the amateur coding effort along with the draconian "use it or leave" policy has left a lot of gamers with a negative view of COGS.
Z
At the two cable ISP's that I've had experience with, they use the MAC address to do DHCP assignemnt. So if you change your MAC you wont get an IP.
I have installed almost 10 LinkSys cable routers this semester for people. These were the 1st "routers" I installed since @home was broken up. The new guys are logining the the MAC address of the machine which signs up for the internet(ie 1st one to set up attached to modem). If the MAC changes, you get dumped to a screen stating your trying to use an unathorized computer on their network. Well, thank LinkSys for letting us change the MAC address on the router. Changed the bad boy to the MAC of the local PC, and BOOM! instant Internet connection sharing!
I have been accused of cheating at CounterStrike more than once, and have been banned from the KGB servers for killing clan members too often (I guess) - but I NEVER cheat. People get bent out of shape when you kill them too frequently, they assume that if you are much better than they are that you must be cheating. Good grief. Fortunately there are a large number of good alternative servers out there - for these guys, I hope they are careful before they ban someone for being ACCUSED of cheating.
KK4SFV
Maybe I am missing something. ARP replies with the MAC address of my gateway for IP addresses that or on another subnet. This is as it should be.
Maybe I am missing something?
e8johan wrote:
:)
> I want an outcry here but I don't see it. Is it
> because software not being open source does not
> matter to the average user or is it because people
> are too ignorant to care? It is funny to see an
> outcry when a company tries to stop actual
> cheating which spoils the game for all, instead of
> putting energy where it matters.
This is not just a little utility for sending a MAC address. It is a browser (based on Internet Explorer: grand champion of security holes), a chat program, a client for their gaming system, etc. It has access to the machine's MAC, its web cache, its web history, etc. We have their word that it is not spyware. Do you honestly trust some internet company to be telling the truth about piracy issues in this day and age? Especially when they are giving away the program and the gaming memberships? If the program were open source (impossible because of the IE componenents) we could tell for sure.
The program imposes two further restrictions:
1) If you want your money's worth, you are pretty much restricted to Windows. Yes, they have clients for Mac and Linux, but at a decreased experience. Granted Linux does not have that much in the way of commercial gaming (TransGaming, please fix), but the Mac does. Heck the makers of Everquest have even been mumbling something about a Mac version.
2) The MAC feature attempts to glue the account to a single machine. Say you are at your friend's house. Your friend has a completely legal setup, no warez or anything. You still can't log into your account and play because the MAC address is different. You could use your friend's account, but if you cheated, they wouldn't be able to use their account anymore (without changing their MAC or buying a new card).
Personally I prefer offline (especially console) gaming. I pay a lot for a game, and if I want to cheat, or access all the characters and features I paid for, I can. Besides, nothing online beats the cameraderie of having a real friend right there with you, laughing at all the silly stuff.
"Godzilla and Jaguar: Punch! Punch! Punch! Hit! Hit! Hit!
We die if they stop fighting for us."
Jet Jaguar Song, "Godzilla vs. Megalon"
Gees what a load of typos. Guess I didn't get enough sleep these days. Been playing too much Kohan:IS and UT2003. Would've you guessed? :-)
We suffer more in our imagination than in reality. - Seneca
Set up a few computers with bots hacked onto them and have the clients send out increments of MAC addresses, until all of them have been marked as cheaters.
Once nobody can connect they wont be able to use the system anymore. Shouldnt take too long if a few people here help out.
-- 'The' Lord and Master Bitman On High, Master Of All
> One of it's features
It is "it's" if it means "it is." Otherwise, it is "its." This is easy, people; it's not quantum mechanics.
Slashdot, where illiteracy is valued above anything else.
This sounds like a good application for GPG. Join a league, get your key signed, get on the "good list." Cheat (get caught cheating), and your public key is placed on the signed "bad list." Servers would "belong" to leagues by checking the league listings to authenticate users.
If you get on the bad list, you can make a new key, but you have to start from scratch paying dues or otherwise earning "member in good standing" status.
Thanks again Phil!
--- Nothing clever here: move along now...
There was once a very nice multiplayer games called NetTrek which also had a problem with cheaters on several servers (Due to the nature of the game, such clients were called Borg).
NetTrek addressed the problem of cheating on two levels. At a first level there were official, signed clients for different operating systems. So you had the source and could use your own localized or even borgified client in regular games, if you liked. But in order to participiate league games, you had to use their approved binary. That helped a little, but of course it would still be possible to write a borg client that parsed the X11 output of a signed binary and synthetized X11 events.
The other level at which NetTrek addressed the Borg problem was much smarter, though: The game server tried very hard not to send information to the client that the player should have no knowledge of. So one could borg an aimbot or other targetting helps, or write macroborgs that fire complicated predefined sequences of moves, but one could not reveal maps other otherwise gain more information than what was visible on screen anyway.
I'd like very much to hear what has become of the original NetTrek designers, and what modern games asre doing in order to prevent cheating. Are these techniques still useable?
Kristian
What's the big deal? If a private network doesn't want to let you in, why should they? A unique MAC addess is just another way of establishing who you are.
-- Slashdot: When Public Access TV Says "No"
How on earth can they ban me using my .Mac address form Apple? This just seems crazy. Well if they do I will just go get another one. -peel
> All you have to do is modify this third-party program to have it spit out a random MAC address each time and *poof* the system is worthless.
How about just not cheating at all?
I think their solution will reduce the number of medicore cheaters (ie, gamers who know nothing about computers), but it won't stop the geek of courses. But from their POV, isn't even a moderate reduction in cheating worth their time and effort even if some will find ways around it?
i changed the drivers from a Realtek 8139-series PCI NIC to a SURECOM EP-320X-R 100/10/M PCI Adapter (which seem to be similar) and my MAC address changed accordingly
strange?
so if its always changeable why do places like ebay depend on this strategy to weed out fraud.. what are they incompetent?
Don't Tread on OpenSource
It seems people tend to confuse privacy with anonymity. Privacy means preventing others from getting information about you -- whether it's what kind of toothpaste you use or your SSN. Anonymity means preventing others from finding out who you are. The two are related, in that in practice they often go hand-in-hand. But they are distinct.
-Thomas
I'm using a PC.
For many people, being anonymous online means "I can do whatever I want" because there are no significant consequences for their misbehavior. To these people, I say: life is much nicer when you are nice to other people. Try it, you might be surprised.
-Thomas
Maybe there are some people that think that but I don't, and I didn't get the impression most of the posters do. These people have every right to ban cheaters anyway they can. But the fact of the matter is that this just won't work. It'll be childs play to defeat, and may well cause more inconvenience to random non-cheaters than the people they are trying to get rid of.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Great. This is another way to get rid of those pesky, honest players and my enemies.
I'll just assume their MAC address, misbehave like hell. Their MAC gets banned, and I get rid of the losers.
Alone, I shall reign through spite and malice.
Stop the brainwash
Any self-respecting cheater will get around MAC checking without any trouble. But I sure wish someone could come up with a good method of blocking cheaters for real. They completely ruin the game. I can't even play online games any more.
It seems to me, though, that it should be possible to engineer a game such that it's not possible to cheat. You can't stop people from hacking the client, but you could make the server detect "impossible" things and shut down the offender. I.e., someone moving way too fast. You could also design the client/server protocol such that not enough information is ever sent to the client to allow bots to do things like aim weapons flawlessly, unless they are able to interpret visuals like a human.
Microsoft machines will tell you their MAC when you do a NBTSTAT on them. At least one ISP I know of blocks NetBIOS traffic because of uncontrolled file sharing, but I don't know how common that is.
I think it's more likely that the ISP is blocking NetBIOS traffic because of all the security problems associated with it, rather than file sharing.
Since the ifconfig man pages contain instructions on how to change MAC addresses and
Since changing the MAC address would allow a cheater to circumvent access controls
Then are the ifconfig man pages now illegal in the US under the DMCA?
Mod me as redundant if you must, but I don't see what to say since in the parent text, the comment was made that MACs were addressable. I just want to know how much money was spent on this "ingenius" idea; fees that will be passed on to the consumer.
For this example, 2k Under Network Connections, you is looking at conn props, click 'Configure' button under network card. Click 'Advanced' tab. Highlight 'Network Address'. Click radio button to set a value. Enter whatever you like. You can be MAC address #1 if you like. King of the World! Voila! You have new MAC addy. No regedit or nasty some such ways of BSOD. I hope I am not redundandant.
Moderation in All Things... Especially Moderation - gurutc
"Any self-respecting cheater will get around MAC checking without any trouble. But I sure wish someone could come up with a good method of blocking cheaters for real."
To play on these servers, you have more than just the MAC of your NIC to stop you.
To play on these servers, they collect off you a unique username (must be created earlier), MAC address, IP address.
If you are caught cheating, you would have to create a new account, change your MAC and get assigned a new IP. If you get caught cheating, Your username and the cd-key (or other identifier) of the game you were playing is banned too. If within a short period of time someone with that IP & MAC try to get a new username - the request is denied.
Sure you could get around these things, but it will take significant effort and time to change IP, change MAC, get a new username, and a new cd-key.
This is a deterent - a cheater would rather find another server than waste soooo much time.
If only all gaming groups had such deterents.
Ok, so I bet when you create the account, it registers your NIC address, meaning if you change your MAC address like so many people have mentioned, you will have to re-register. Chances are each time you register you need to use a different e-mail address. Man, that must really make cheaters buy hundreds of Hotmail accounts (sure they may use other free services, but c'mon, it's fun to toy with M$. admit it).
today is spelling optional day.
There's got to be some way to statistically detect cheaters, like watching some critical factors. For example, if someone is beating everyone else by 100 frags (or whatever equviliant you use for your particular game), then they MIGHT be cheating!? The credit card companies do this to detect credit fraud, and it's unusually good at picking out unusual activity. Dunno, might be computationally intensive, but a neat thing to look at.
The average script kiddy is not going to know how to use IPFILTER or IPTABLES to mask the MAC address of a card, or how to use the NIC software to edit it, or even how to use the Windows XP MAC-Bridge function to mask it.
The average script kiddy will get banned and either buy another NIC, or be gone for good. The people with the technical savvy to be able to clone a MAC addres do not, in my experience, cheat / cheat at the level of being banned. Either they (like myself) only play games recreationally or not at all, or they play it just with friends so they don't care about cheating.
I think this is an effective step in the right direction. If Valve implimented this on WON, the quality of the game Counter-Strike would increase massively.
how big ? and besides, it not about size, it how you use it. So, here we go:
:)
1k = 1K
1000 = 1024
10**3 = 2**10
so we get,
2**48 = 2**8 * (10**3)**4 = 256 * 10**12
with 1 = k ; 2 = M ; 3 = G ; 4 = T ; 5 = P
that 's 2**48 = 0.2 Petas
and a peta is slightly less than a peseta.
And, you think less than 0.2 peseta is big ? You re sooo cheap
heck, if these people are so bound and determined to track down cheaters and keep them out, they just need to have firmer rules on their user account creation... eg. maybe have users sign up with a non-anonymous email account (non-yahoo, hotmail, etc) and have the user respond from their "real" email... its not totally effective, but... most people wouldnt go to the trouble of having more than 3 real email accounts... and that way they can ban users and not mac addys... but in my opinion.. people stay away from cheaters anyway
A fellow begged to be banned on GameRanger (Macintosh Game Server), with the forethought that he had zillions of IPs from which to choose. Turns out that those other ips didn't help.
So evidently he is using the mac address to ban people, perhaps even a combination of ip and mac address.
He never did get back on, until GameRanger was rebuilt, losing the ban information, I guess.
They can ask anything they want, regardless if it makes sence or not. Its their stuff..
Now this does sound pretty stupid with the ease of chaning MAC addresses, but its their choice, as is your choice to use or not to use their services.
What next... dongles?
---- Booth was a patriot ----
It's not as difficult as you might think. It would be quite easy for a script kiddy to type "ifconfig eth0 hw ether 11:22:33:44:55:66" and many windows ethernet drivers include the option to change it in the device properties. All one has to do is open up the device settings and change the "Network Address", or Media Address, or whatever the people writing the driver want to call it. Not to mention most script kiddy would be able to google for all the above information to get around the ban. Granted this is highly dependent on your NIC and I'm sure not all of them would have one that makes it this easy, but I doubt they will give up that easily either. I don't think this would stop anyone. Well, maybe once 281,474,976,710,656 MAC addresses are banned.
I work tech support at a small liberal arts college, and we require all students to register their machines within three weeks of getting on campus. We then lock their ports to their MAC addresses. If you need to move or change your card you can re-register, usually the change goes through in a day. We did it to make it easier to detect and limit email worms. If we see it coming from some specified port we close it off and the flag passes to the techs. So far it's worked pretty well, often we get people coming to us complaining that "their Internet doesn't work," usually it's because they got Klez and we shut their port off. Decent alarm system, really.
No statement is true, not even this one.
I live in Mexico. Dynamic 256/128k DSL goes for about $49/month while Static 256/128k DSL goes for like $89/month. Static would be kind of cool, but not THAT cool.
Besides, there's a certain additional amount of anonymity that one achieves with dynamic IP. If you always come from the same IP it's much easier to track you. Not that coming from dynamic IPs protects you, but it at least adds one more step to figuring out who came from a given IP address on a given day/time. It will generally require the cooperation of your ISP.
That said, my IP address hasn't changed in months. Static IP for the price of dynamic. :)
So just leave!
You guys make it sound like you have no other option.
Amongst the many things that would make MSN broadband completely worthless (in my opinion) is its dsl modem that acts as a firewall and keeps you from playing games.
You wouldn't be able to change the MAC address with that modem unless you reverse engineered the firmware.
"FuckStar31337 is using a wireframe hack. Press K to cast your Kick Vote."
Sure, I could get booted out of games arbitrarily by assholes, but I wouldn't want to play with said assholes, anyway. Not that I've even played a game since about 1999...
This will never work.
I looked into this once and it is impossible. Because of ISP's like AOL, and the cable modem people, there is no way to authenticate any IP address. Their cache systems are so bad. I had a friend of mine on cable hit a test page, and the cable company accessed the data from a different IP address for EACH GRAPHIC, and dumped it into their cache, before sending it to my friend. I had 9 different IP addresses from one page request.
Not exactly a unique way of identifying someone.
http://www.ntfaq.com/Articles/Index.cfm?ArticleID= 23256.
@home became Rogers Internet in Canada. On the main page they explain how to use a router to connect your connection to your PS2. How can they filter out whether your using a PS2 or another PC. In Canada, the modem holds the MAC address, simply leave the modem off for 5+ hours, it clears the memory, and you have a fresh start.
It is a source of constant amazement for what passes as news at /.
/. I stopped talking about 1995 technology in 1996.
Don't get me wrong. I love the dot but come on. Show a little integrity and don't insult your own audience's intelligence.
Oh wait. Every one fell for it! All these arguements over nic selling and mac changing and this and that. All pointless.
This issue was blown out of the water over SIX YEARS ago. When I was a fresh geek trying to get into networking everyone was going to manage on NICs. They learned quickly what a waste of time it was. This SP will learn that lesson as well. Geez look at TFC. It gives you a CD assigned ID. A little tougher to forge. But if they are gonna make you install software why not just use a GUID to generate a private key to identify the machine.
Get with it
I completely disagree about average joe cheater being able to know how to change his MAC address. I spent 6 years so far in online gameing community, and the average joe cheater is an idiot, generally not very savvy. Of course there is the smart Joe cheater that will eventually release a program that will change the mac address for you, but thats niether here nor there nor central to the argument.
Also the big thing this will do will stop a lot of college cheating (perhaps a lot is a strong set of words), because a lot of college students cant get on the network if they have a mac address otehr than the one they signed up with.
I know at the university of kansas if you want to get on the network with a diffrent computer (despite the fact that you paied for blanket access or so you think) you have to sign up for a new account (which is another 120 dollars) and getting your account switched over to a new computer is a headache beyond imagining, it involves multiple calls to our network administration offices, and a personal visit.
I think the MAC address, possibly couple with a hardware ID type system might be very plausible.
If you don't vote, you don't matter, so don't waste your time telling me your opinion
If that happens at the Game maker/developer level for example EPIC or ID, they better be prepared for me to sue their ass's. That or you better make dam sure your refund department changes its stance. If I pay $50 to play a Online game and then you ban my entire ISP, which in all likelyhood is the only broadband I can even get, you can be sure I'm going to sue you in small claims court. There is no way a company could get away with that.
Now if some individual running a game server wants to ban someone, thats up to them. But the game maker better stay well away from the issue.
BTW most gamers do NOT have static IP's.
If you wanna get rich, you know that payback is a bitch
If you use a NIC it probably means you have Broadband, Some carriers require you to register your NIC, and I'm pretty sure most of these are in Australia, so it isn't a simple matter of just changine your MAC because if you change it your Broadband will go down.
Must admit that this sounds better, altough I think I would prefer a third party as a CA. But that's just a gut feeling. Your suggestion just to sell CD-keys/certificates is actually quite nice. One could also image certificates with expire dates or certificates you can only use a predetermined number of times.
The glass is half-full. With poison. And there are cracks in the glass. The dirty, dirty glass.
As the software runs on the client machine, I don't think it matters if you have a hub that returns a different MAC, the software will still record the MAC of the machine you were on.
Of course, what will happen is a cracked version will be released that lets you specifiy the MAC you want to report in a config file.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
FWIW it's not only with their gaming service, Telstra identifies by MAC for its cable service as well.
I've experienced once case when I couldn't get an IP off their DHCP but after changing the NIC MAC it worked fine. Consistently.
How can this be insightful ?
ifconfig = Linux.
Game software = windows.
-Linux is SO fast it does an infinite loop in 5 seconds.
assuming that security is really what the purpose is...With this program running it could be a tracking device, a marketing scheme ala spyware, any number of sinister and profitable schemes.
oh my god get a fucking life, or go suck RMS' cock
It's a game server. It's for playing a bloody game. If you don't like their rules, go and play on your own server. Personally I don't object to this, because if I want to play online games I want to be reasonably sure that the other players aren't cheating. This at least shows an attempt to stop the average wallhack Joe Lamer from fucking it up for everyone else.
Novell 3.12 had a
Anyone remember what the name of that was?
Am I the only one that was wondering what the heck this story had to do with Macs and Apple? Damm, I feel so un1337.
I stole this Sig
my toshiba laptop has a reprogrammable mac address on it's network card!
I can spoof all I want.
DMISI does this to keep you using only one computer on each ethernet port to keep usage down. However, routers can clone MAC addresses and the only people who would be using servers on the network know how to set up a router. I think this is IT people garunteeing safety that doesn't exist. =P
Cheating as an art form
You were mistaken. Which is odd, since memory shouldn't be a problem for you
You can ban CD keys. Basically the only way around that is to buy a new copy of the game, which I doubt many people are willing to do.
Teh CD keys are also an effective anti-piracy measrure, and one that isn't bothersome to legit users. When you are using the game for local play, the CD key doesn't matter, it's never checked. When you play on the Internet, however, the CD key is authenticated.
When you first go to play multiplayer games, you client talks to the master server and lets it know what it's key is, the server chekcs and authenticates this against its list. Then, when you connect to a server the server checks your key, and asks the master if this is a legit key and if that key has authenticated. If not, the server refuses the connection.
Hence, you can ban a CD key, and be very certian that the person it belongs to has been completely banned. Things like key generators aren't effective because while they can know the algortihm used to make legit keys, the keyspace is huge and they have no way of knowing which are actually legit and which aren't.
So it ends up working out pretty nice for both parties. Bioware gets some copyprotection that there is actually a reason for srever owners to want to use.
Banning isn't the only reason they are implementing this. According to the FAQ,
"A major issue with [people finding/connecting through other gamebrowsers such as GameSpy, in-game-browsers, etc] is that users would frequently be playing on the GameArena servers whilst being almost totally unaware of the other services offered by GameArena, for example the files library, the ladders, GameCreate, the messageboards, and the statistics. "
I have a feeling that the real intention behind this is to make sure that their other services are promoted to people playing on their servers. I'm not going to argue if this is a good or bad thing, but I believe that it is the real reason behind the requirement.
Price, Quality, Time. Pick none. What, you thought you had a choice?
Q. How can I change my media access control (MAC) address under Windows NT 4.0?
c es\\Parameters.
A. Each network adapter card has a MAC address, which machines on local subnets use to talk to each other. MAC addresses are usually burned into the adapters during the manufacturing process. To overwrite a network adapter card's default MAC address, perform the following steps:
1. Start the registry editor (e.g., regedit.exe).
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
3. From the Edit menu, select New - String Value.
4. Type a name of NetworkAddress, and press Enter.
5. Double-click the new value, and enter the adapter's new MAC value.
6. Click OK.
7. Close the registry editor.
8. Reboot the machine.
This makes me very happy- One should be able to deliver their cutting remarks and wage psychiological warfare upon the weak with one liners like "Yeah thats what your mom did last night, cock jocky."
That is the essence of multiplayer gaming, and any attempt to deprive us of that should be fought bitterly.
Call me dumb, but it seems to me people are overlooking the fact that this is a client software download and install. Perhaps the client software somehow records your MAC address at the time, and that is what is sent to their servers for authentication ever after. Perhaps they are aware of how easy it is to spoof a MAC address? So they could be generating an ID from the installation and initial connection to their servers, then stored on your machine inside their client. Change the MAC address any way you want (new nic, change direct, whatever), and they still know it's coming from you.
I'm not saying this is what they did, just wondering why everyone is so quick to assume they are smarter than they guys who designed this. Are you trusting their FAQ to give you COMPLETE details on how they are authenticating? Like a virus, once you let them install a game client, you are no longer in control. Still beatable, but the hassle of getting rid of the client completely (they could be writing files ANYWHERE once you let them install), combined with the fact that even if you succeed, you will have wiped out your client (and presumably therefore lose access to any history or scores on the servers), means this could be more effective than people are giving it credit for.
Spoofing MAC's is easy. I just wouldn't be so arrogantly sure that they've overlooked how simple it is to change a MAC address.
You may not believe this, but many gamers, even ones who play quite a lot, are not at all interested in Clans. I go out of my way to avoid the stupid things. I don't know how many hundreds or thousands of times I have been invited to join someone's stupid little clan (or stupid big clan). Clans are not the answer. Some of us don't like being associated with just one group or another (on a similar note, some people think fraternities and sororities are incredibly lame). Not that this has anything to do with the article. The honour system doesn't work in online multiplayer games. This has been shown to be true since the beginning of online gaming. And while it may work for your little lamer groupie fighting, it is not a solution for the rest of us.
:-) Dude, the translocator is the worst idea ever. It ruined UT, and it continues to ruin every game that uses it. Good servers are those that disable translocators.
BTW: I once had a cheater on my team in a pub UT CTF match. I switched sides and telefragged him 'til he gave up and disconnected. That was fun.
With all this talk about comparing MAC addresses and changing them or buying new cards, its easy to overloook to obvious method of circumventing the program...
Take the NIC out of the computer (who needs a network anyways?) and play over dialup!
Urgo: "I want to live. I want to experience the universe and I want to eat pie!"
Jack: "Who doesn't??"
...Come to think of it, that's probably why game companies already do just that... Ban by IP is a joke, ban by MAC isn't any better, Ban by CDKEY is practically the only thing you can do.
Of course there is the smart Joe cheater that will eventually release a program that will change the mac address for you, but thats niether here nor there nor central to the argument.
..and I go to a pretty large school that uses MAC addresses to authenticate client computers..but only when requesting an IP from the DHCP server. We all have static IP addresses, but they're assigned by a DHCP server that hands them out based on MAC addresses, if you statically assign one not in use to your computer, you'll get on fine and no one will probably notice for a good while, so long as you don't keep it on 24x7. I wouldn't be surprised of other colleges did something similar.
If there is a program that allows you to do it, then Joe Cheater *does* know how to do it, regardless of his knowledge of what goes on behind the scenes.
--- What
...nor is it optional to install. "Install it
or find another server to play on".
Doesn't the presence of the word 'or' in that sentence PROVE that it's optional?
What a crock of bullshit.
If there are 2 people in a room the potential for both having the same birthday is 50% because there are only 2 possibilities: YES or NO. The likelyhood (probability) is 1/(365 - nb) where n=# of birthdays.
The MAC pool is 0 - FF FF FF FF FF FF FF FF, or 0 - 2^48. Returning to the birthday formula,
CHANCE OF PICKING
any single MAC = 1 / (2^48)
same MAC on 2 pcs = 1 / ((2^48) -1)
the rest of the math escapes me for the moment.
Retard.
You must work for UPS
That's the tragedy of the commons. All it takes is one asshole to ruin it for everyone. The only solution is to regulate it, and the only way to regulate it online is to block ISPs of bad users, because ISPs are slightly harder to change than MAC addresses.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
They have NV ram. The testing program forces the user to look at MAC before going to the cycle. It also allows retyping it. deadbeefbabe
I use the NetGear (RM356) 56k modem routers a lot. They also allow renaming MAC.
The ancient Lantastic cards also permit permanent change of MAC.
Changing MAC is a reeeeeeeeeeeally ordinary idea.
Well no, it won't. If everyone uses DE:AD:BE:EF:BA:BE at a LAN party, then yes, things will break. If you're the only DE:AD:BE:EF:BA:BE on your segment, who cares. MAC addresses, by design, are only significant on the local LAN.
If someone (Telstra) ignores the RFCs and writes something that changes that, and it breaks their system (GameArena), then that's their own stupid fault.
I find your ideas intriguing and I wish to subscribe to your newsletter.
I suspect that most of the customers on Telstra's GameArena are with Telstra BigPond ADSL - which does not have static IPs. Banning the IP simply won't work.
Just reading through comments here shows that many people are not aware of how to change their MAC address. Yes, this will not stop the determined cheater, but it will stop the 14 year old who thinks it's funny to get cheat scripts off the web and make rude remarks.
It seems reasonable to me.
So long as you don't change things that break your local segment (ie: duplicate MACs), then you're fine - go for your life.
I find your ideas intriguing and I wish to subscribe to your newsletter.
Regardless of ethics or efficacy of this approach it has one undesireable effect: there's no non-Windows client. Therefore, should you be using Linux (or Mac) to play any of the games you are plain out of luck.
Can anyone say, kick-back from Microsoft?
Not really a valid comparision, since the power company and other utilities tend to be regulated.
Perhaps it was a bad comparison, but unregulated monopolies do exist. Look at the owner of any subsisting copyright or patent.
You're talking about two different things - what a game server admin can do legally, and what conduct the user community is going to accept.
They're not entirely different. If a game flops because of the behavior of the publisher's exclusive server provider, the publisher loses the money it invested in developing and marketing the game and creating the server infrastructure. If the publisher loses too much money, it has its hands tied legally (bankruptcy law).
It is legal for the admin to decide who gets to play, but you have to be careful not to alienate the userbase.
Really? If you're a big company, you reserve the exclusive right to run servers for a game that you publish, and running a server for a given game is no longer profitable, you shut down the game's server. You don't care about alienating a particular game's userbase because alienating the userbase boosts your bottom line, that is, unless the game's userbase decides not to buy your next game.
(oh, and any scheme which is built on trusted clients will be crackable)
Except in the USA, one of the world's largest markets for PC video games.
Will I retire or break 10K?
The location it gives for my ip is actually about 600km off the mark...
Basically how the system (called COGS, for "Complete Online Gaming System") works is: All the game servers have been moved behind a firewall. By default, it blocks all access to them.
When a user wants to play, they fire up the COGS client. They enter a username and password, and it authenticates them with the server. Server then punches a hole in the firewall for that IP. The client has to keep running - it keeps a connection open to the server, exchanging tokens every 5 minutes or so - or the firewall will close again.
While people are connected, the client uses a combination of username and MAC to identify them - so the same user can be logged in from more than one place at once - and the same MAC could be in use by 2 people. If people were to be banned using this system, it would be the username that was flagged - and other mechanisms would be used to make it hard for the troublesome users to get a new username/password.
Those mechanisms might use MAC addresses, but they are not expected to be perfect anyway - usernames and passwords can be given from one person to another, and it's supposed to be easy for new users to create themselves an account, so there is no real way to prevent cheaters from coming back. However, with some protective measures in place, the path of least resistance becomes, "go and annoy people on a different server," so we still get rid of the idiots.
In a completely unrelated point, most gamers who've taken the time to discuss the new system, hate it. The COGS client includes an irc client (hardwired to their irc server, which doesn't like other clients connecting to it), and all sorts of other "junk". But that's a different matter...
GameArena have also "done the right thing" by making 3 clients available: One for windows, one for linux, and one for MacOS. So, any OS that could run any of the games for which they provide servers, has a COGS client they can run.
(if you're wondering why I didn't post this comment earlier, well, I'm actually in Australia, one of the people who use the game servers in question, and I only just woke up :P)
My Linksys router can has an option to 'clone' - i presume spoof MAC addresses. Check it out, y'all .. its under the advanced tab.
These cards are not maintained by Donald anymore: /usr/src/linux/driver/net/8139too.c
> 8139too.c: A RealTek RTL-8139 Fast Ethernet driver > for Linux.
>
> Maintained by Jeff Garzik >
> Copyright 2000-2002 Jeff Garzik
I've got one of those cards, they work 100% fine.
Great, I can now win by getting all my opponents banned from the game server:
/usr/sbin/getmacuserbanned.sh
for i in $opponent_mac
do
ifconfig eth0 down
ifconfig eth0 hw ether $i
ifconfig eth0 up
done
Xix.
"Everything is adjustable, provided you have the right tools"
I'm not even going to comment on what I think of this document as a whole. It's not even worth that. However:
I'm sorry?? Some game developers are cool enough to release versions of their software that runs on other operating sytems, and we applaud that. They run a games server service and they encourage developers who only develop for windows? Sheesh!
Another one:
Um, I think I missed something here... they even say this:
Err.. "COGS reports and stores some information which is vital to the service." Riiight. I'm sorry, how is this not spyware?
It's bad enough that this is compulsary.. let alone that it reports back.
and, finally:
Oh, real technical language used there I see. I am wondering: Does this idiot actually know what he is talking about? It seriously looks like he's gone to a meeting with techies, played buzzword bingo with them and decided to write this article.
You have a sick, twisted mind. Please subscribe me to your newsletter.
Not that I expect [the release of a video game server daemon independently developed through reverse engineering] to ever happen for a sufficiently complex game
Then what's bnetd? It's a program licensed under GNU GPL that lets anybody set up a competitor to Battle.net service. However, assuming enforceability of shrinkwrap EULAs, the Blizzard EULA specifically prohibits users from running or connecting to bnetd-type services.
Will I retire or break 10K?
'nuf said.
Many of them based on id software's engines, there are many games nowadays that use CD keys to prevent piracy. One of the first was Half Life, and unfortunately Half Life sold very well and used too simple a key... so it is relatively easy to 'generate' a valid Half Life key.
However, Quake 3 and related games have a CD Key system as well, and their keys are much more cryptographically secure. They have a legal keyspace in the trillions, making it very difficult to generate valid keys.
The system works. You can crack the game to make the key unnecessary, but you cannot crack all the Internet servers you could connect to. So a warez monkey can only play the game in single player or on a LAN, not on random Internet servers.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
Don't manufacturers have to put a unique MAC on all cards. Is this static? I know you can spoof them but i am not sure if you can actually change the original completely from the card. Since you are installing an app to pick up the MAC address, Could they be directly acessing the NIC to find the original manufactures assigned MAC?
The main use of the software (COGS) is to lower the bandwidth usage of 50-odd gaming servers GameArena run. It definitely works. All the RtCW servers are empty, apart from the ones that the 'clanners' use. I ask GameArena: where my noobs at?
Telstra are a massive behemoth. There is frequent talk of 800lb gorillas referring to the RIAA. Well, in Australia, Telstra is King Kong to that Gorilla.
They tried this sort of shit years ago, with Wireplay, Telstra's online gaming network. it died, because people weren't willing to use a proprietary client to access games that were free elsewhere. When said client was also sucking down its own bandwidth, u can see why it failed. Now that more and more people are broadband, looks like they are trying again.
Don't get me wrong, they have to make money out of their investment somehow, but I don't think this is the way yet.
Yay me!
All this talk about MAC Addresses and banning is a side issue. Many of us GameArena users don't want to be forced to use their client with built int web browser/server browser/IRC client/authentication client just to play on the servers.
;)
These are the only servers that don't count against Telstra's, (GA is a subsidiary of Telstra) 3GB bandwidth cap. So a simple 'go play on another server if you don't like it' is pretty rude to paying Telstra customers. We pay for the servers, (indirectly), and yet can't access them without using COGS.
The conspiracy theorists in this community are expecting banner ads, spyware, forced surveys, possibly even subscription fees, (GA used to be a WirePlay franchise), to all stem from this client.
And for us linux gamers, we did finally get an auth-only client so we can now reach the servers - and better than that we didnt get any of the bloatware the windows people got
Just to add to the list.
Netgear FA311 - immediate option to change as above.
Ditto the unknown model of Allied Telesyn card I have. (another 10/100) PCI.
and yes, the average person trying to cheat is going to have to have been semi savvy to get the cheats working. So they probably know a little.
They tried this trick at Cardiff University too. They INSISTED you use one particular model of network card. (strangely the one they sold)
They couldn't of course insist you bought it from them. So for my brother I found someone I knew with the nick, copied his so it'd be from Intel's range and just changed his AN other card to use it.
Unsurprisingly, never a problem.
Ditto at my uni. They controlled by MAC (that you supplied) but were almost impossible to get hold of if you ever needed to change it. When I upgraded my machine I simply told it to use said old MAC.
Then had them both on one network at home because I forgot. Whoops.
hmm mac spoof and hijacking to play havoc with the servers... Im so glad that gaming servers are in the hands of idiots
A law that cannot be enforced because too many people refuse to observe it is probably a bad law, and should be amended.
Most dashslotters know that you can easily change the MAC address of a computer (PC, Macintosh, Sun ...) quite easily. If the "third party software" in question gets round the changes that something like ifconfig can make, well somebody will "reverse engineer" the software and distribute a patch.
The "MAC-based ban" mechanism will fail.
IANAOGP, but I think that the game server needs to be changed, to make it harder to break the rules, rather than trying to punish those who break them.
If you want to stop people from driving their cars too fast in a residential area, what do you do?
Modify the environment sufficiently, and people won't tryto cheat, because the extra effort won't be worth the marginal gain.
Not dumb, just ignorant. :) You can't spoof a MAC address. You can flash the ROM on the NIC to give it a new MAC (if it can be flashed and if you know how), but you can't "spoof" a MAC address. It's like "spoofing" having a network card. "'m telling you Mr. Router, that piece of bread really is a network card."
Your MAC address never gets sent off your local area network in a packet header. The only way to send it over the internet is is to encapulate the data in something that does travel over the net--a TCP/IP packet. So you have to download the software and run it before anyone can know what your MAC address is. Using a web browser to download the software won't send anyone your MAC address.
To the moderator that moderated this as redundant: I have meta-modded you as unfair. This lessens the chance that you will moderate in the future. I dont think this person has said often enough that they have these cards in backup often enough to deserve redundant. Next time, please learn to read either the context or the moderator guidelines.
Anonymous MetaMod